Health tech company HealthEquity has suffered a data breach, though unconnected to other recent attacks.
The company revealed that attack in a filing with the Securities and Exchange Commission (SEC) earlier this week, saying that hackers had stolen the “protected health information” of some customers.
According to the filing, the company earlier this year uncovered “anomalous behavior” connected to a business partner’s personal device. HealthEquity also determined that this partner’s account was compromised by a hacker who used the account to access members’ information, including protected health information.
The breach was reported Wednesday (July 3) by TechCrunch. Amy Cerny, a spokesperson for HealthEquity, told the news outlet that the breach was “an isolated incident” and not connected to other recent attacks, like the one on UnitedHealth-owned Change Healthcare earlier this year.
That report says HealthEquity found the breach on March 25, and “took immediate action, resolved the issue, and began extensive data forensics, which were completed on June 10.”
The company assembled “a team of outside and internal experts to investigate and prepare for response.” Its investigation found that the breach stemmed from the fact that the compromised third-party vendor account had access to “some of HealthEquity’s SharePoint data,” Cerny told TechCrunch.
The breach comes amid what PYMNTS described Thursday (July 4) as the “year of the cyberattack,” following a number of high-profile breaches.
In addition to the Change Healthcare attack, the past few weeks have also seen high-profile breaches at companies ranging from car dealership software maker CDK Global to Neiman Marcus to Evolve Bank & Trust.
“This heightened emphasis on cybersecurity coincides with a broader debate surrounding data security in the connected economy, particularly in connected workplaces and smart homes, where the growing use of connected devices highlights new vulnerabilities, given the vast amounts of personal data they gather,” PYMNTS wrote.
The PYMNTS Intelligence report “Fraud Management in Online Transactions” found that most eCommerce merchants suffered cyberattacks or data breaches in the past year. Eighty-two percent of such businesses suffered an attack in that time, and 47% said the breaches had meant lost revenue and lost customers.
“It is essentially an adversarial game; criminals are out to make money, and the financial community needs to curtail that activity. What’s different now is that both sides are armed with some really impressive technology,” Michael Shearer, chief solutions officer at Hawk AI, told PYMNTS.
“On the automation side, it’s all about data. It’s all about organizing and connecting your data together, understanding the signals that you have so you can build a richer context and make better decisions. But you’ve got to have that information there, and you’ve got to connect it together. That’s step one.”